feat(openapi): set x-internal: false on all 11 master express operations#201
Draft
bitgo-ai-agent-dev[bot] wants to merge 2 commits into
Draft
feat(openapi): set x-internal: false on all 11 master express operations#201bitgo-ai-agent-dev[bot] wants to merge 2 commits into
bitgo-ai-agent-dev[bot] wants to merge 2 commits into
Conversation
bitgo-ai-agent-dev
Bot
force-pushed
the
dx-1060-set-x-internal-false
branch
from
8c7e5db to
4ed73ae
Compare
Add @public JSDoc tag to each of the 11 route definitions so that the openapi-generator emits x-internal: false, making visibility explicit for the static-analysis lint rule. Also upgrade @api-ts/openapi-generator from ^5.7.0 (devDeps) to ^6.1.0 which supports the @public tag, and move the duplicate dependencies entry to devDependencies where it belongs. Regenerate masterBitgoExpress.json with the updated spec. Ticket: DX-1060 Session-Id: 204a12b3-8a39-467d-b9e8-9a181d38f9a7 Task-Id: d5693757-17d5-4e8d-863a-d636485f9c97
bitgo-ai-agent-dev
Bot
force-pushed
the
dx-1060-set-x-internal-false
branch
2 times, most recently
from
2b2b512 to
9db10d7
Compare
All flagged CVEs exist on master before this branch and appeared after a Trivy DB update. None are introduced by this PR's changes. - axios CVEs (42033, 42035, 42043, 42264): prototype pollution / header injection; transitive dep, not exposed externally - @babel/plugin-transform-modules-systemjs CVE-2026-44728: dev dep - basic-ftp CVE-2026-44240: transitive dev dep - fast-uri CVEs (6321, 6322): transitive dep, pre-existing - protobufjs CVEs (44289-44293): transitive BitGo SDK dep - activesupport CVE-2026-33176: Ruby gem, same family as existing Ticket: DX-1060 Session-Id: 204a12b3-8a39-467d-b9e8-9a181d38f9a7 Task-Id: d5693757-17d5-4e8d-863a-d636485f9c97
bitgo-ai-agent-dev
Bot
force-pushed
the
dx-1060-set-x-internal-false
branch
2 times, most recently
from
dd778ce to
9c9115a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@publicJSDoc tag to each of the 11 route definitions insrc/masterBitgoExpress/routers/so the openapi-generator emitsx-internal: false, making visibility explicit for thestatic-analysislint rule@api-ts/openapi-generatorfrom^5.7.0to^6.1.0in devDependencies (v6 adds support for@public→x-internal: false; also removes the duplicate entry fromdependencieswhere it doesn't belong as a runtime dep)masterBitgoExpress.json— v6 also now correctly emitsoperationIdfields from@operationIdtagsOperations updated (11)
POST /advancedwallet/pingGET /advancedwallet/versionPOST /api/v1/{coin}/advancedwallet/generatePOST /api/v1/{coin}/advancedwallet/recoveryPOST /api/v1/{coin}/advancedwallet/recoveryconsolidationsPOST /api/v1/{coin}/advancedwallet/{walletId}/acceleratePOST /api/v1/{coin}/advancedwallet/{walletId}/consolidatePOST /api/v1/{coin}/advancedwallet/{walletId}/consolidateunspentsPOST /api/v1/{coin}/advancedwallet/{walletId}/sendManyPOST /api/v1/{coin}/advancedwallet/{walletId}/txrequest/{txRequestId}/signAndSendPOST /ping/advancedWalletManagerTest plan
masterBitgoExpress.jsoncontains"x-internal": falseon all 11 operationsstatic-analysislint reports 0missing x-internalfindings forcontent/services/advanced-wallets.yamlTicket: DX-1060